WO2000051039A1 - Site certificate system - Google Patents
Site certificate system
- Publication number
- WO2000051039A1 (PCT/AU1999/001173)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- site
- organisation
- certificate authority
- certificate
- domain name
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2115—Third party
Definitions
- the present invention relates to a site certificate system and, more particularly, to such a system adapted for rapid and timely maintenance of authentication status of a site certificate adapted particularly for use on what is commonly known as the "Internet".
- the Internet may be described as a worldwide interconnection of computers all of which are adapted to communicate according to a common protocol; currently the protocol is known as TCP/IP.
- PSTN: public switch telephone network
- Communication between computers according to this protocol takes place across a multitude of communication channels including the public switch telephone network (PSTN) and also more restricted channels.
- a problem with this arrangement is that the trusted third party which issues the site identification upon which other parties then rely may, itself, not always have up to date information as to the status and identity of the owners of the site in respect of which the site identification is issued.
- the invention consists in a site certificate system for use on the Internet (as defined in the specification), said system comprising a certificate authority adapted to issue site identifications characteristic of a predetermined organisation, said certificate authority also being adapted to communicate with a domain name server registry thereby to issue a revocation notification to the domain name server registry and update a revocation list for use by the domain name server registry so as to indicate to a relying party that said predetermined organisation does not satisfy certain selected parameters; said selected parameters being under near continuous monitoring by said certificate authority.
- Fig. 1 is a block diagram of a site certificate system according to a first embodiment of the invention.
- In FIG. 1 there is shown, in block diagram form, components of a site identification system adapted to co-operate in accordance with a first embodiment of the invention.
- the site certificate system 10 includes a Certificate Authority (CA) 11, a domain name server (DNS) 12, a first organisation server 13 and a relying party 14.
- CA: Certificate Authority
- DNS: domain name server
- each of the sites 11, 12, 13, 14 is adapted to communicate over the Internet 15 by way of computer interface.
- a computer 16 of relying party 14 will place a query onto the Internet seeking the address of first organisation server 13.
- a domain name server 12 will match the name of the organisation 17 with an Internet address of first organisation server 13 following which a data connection over Internet 15 will be established between
- first organisation server 13 will be interrogated by computer 16 for the purposes of: 1. Authenticating the identity of first organisation server 13;
- the site identification 18 is issued by certificate authority 11, the certificate authority 11 being a trusted third party.
- First organisation server 13 is under the control and sponsorship of organisation 17;
- certificate authority 11 maintains a near continuous monitoring of selected parameters pertaining to identity, ownership and financial status of organisation 17 whereby, should one or more of those parameters change in a way which would indicate that site identification 18 no longer reflects correctly the identity, ownership or financial status of organisation 17, then the certificate authority 11 lists the site identification 18 as no longer valid and takes steps to notify the domain name server 12 to re-route enquiries made over the Internet in relation to the domain name of first organisation server to a page which indicates that the site ID 18 of organisation 17 has been revoked.
- the revocation list 19 published by the certificate authority 11 resides on certificate authority 11.
- the domain name server may also redirect queries concerning organisation 17 to the computer upon which the revocation list 19 resides.
- relying party 14 can be confident to a higher level than heretofore that a communication with first organisation server 13 over Internet 15 is a communication with a site which has the sponsorship and approval of organisation 17 and that organisation 17 is in a position to provide the sponsorship and/or approval with reference to the selected parameters which, in this instance, comprise identity, ownership and financial status.
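The revocation flow described above (monitoring by certificate authority 11, revocation list 19, and the re-route notification to domain name server 12) can be modelled as follows. This is an added example, not code from the patent; the class names, the site ID string, the domain and the addresses are constructed, and treating any parameter change (or a missing parameter) as disqualifying is a simplifying assumption.

```python
from dataclasses import dataclass, field

# Constructed address of the host that serves revocation list 19.
REVOCATION_PAGE = "198.51.100.10"

@dataclass
class DomainNameServer:
    records: dict = field(default_factory=dict)    # domain -> site address
    redirects: dict = field(default_factory=dict)  # domain -> revocation page

    def notify_revocation(self, domain, target):
        """Called by the CA: re-route enquiries for this domain."""
        self.redirects[domain] = target

    def resolve(self, domain):
        """Return (address, revoked) as seen by the relying party."""
        if domain in self.redirects:
            return self.redirects[domain], True
        return self.records[domain], False

@dataclass
class CertificateAuthority:
    dns: DomainNameServer
    issued: dict = field(default_factory=dict)     # site_id -> (domain, parameters)
    revocation_list: set = field(default_factory=set)

    def issue(self, site_id, domain, params):
        self.issued[site_id] = (domain, dict(params))

    def monitor(self, site_id, observed):
        """Compare observed parameters with those attested at issuance.
        Any mismatch, including a missing value, revokes the site ID."""
        domain, attested = self.issued[site_id]
        changed = sorted(k for k in attested if observed.get(k) != attested[k])
        if changed and site_id not in self.revocation_list:
            self.revocation_list.add(site_id)
            self.dns.notify_revocation(domain, REVOCATION_PAGE)
        return changed

def demo():
    """Constructed scenario: ownership of organisation 17 changes."""
    dns = DomainNameServer(records={"org17.example": "192.0.2.13"})
    ca = CertificateAuthority(dns)
    params = {"identity": "Org 17", "ownership": "Owner A", "financial_status": "solvent"}
    ca.issue("site-id-18", "org17.example", params)
    before = dns.resolve("org17.example")
    changed = ca.monitor("site-id-18", {**params, "ownership": "Owner B"})
    return before, changed, dns.resolve("org17.example")

if __name__ == "__main__":
    print(demo())
```

The relying party never consults the revocation list directly in this model; it learns of the revocation only because name resolution returns the revocation page, which is the dependency on the domain name server that the scheme introduces.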
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU27823/00A AU2782300A (en) | 1999-02-26 | 1999-12-24 | Site certificate system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AUPP8933 | 1999-02-26 | ||
AUPP8933A AUPP893399A0 (en) | 1999-02-26 | 1999-02-26 | Site certificate system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2000051039A1 (en) | 2000-08-31 |
Family
ID=3813132
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/AU1999/001173 WO2000051039A1 (en) | 1999-02-26 | 1999-12-24 | Site certificate system |
Country Status (2)
Country | Link |
---|---|
AU (1) | AUPP893399A0 (en) |
WO (1) | WO2000051039A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002005148A1 (en) * | 2000-07-07 | 2002-01-17 | The Toneguzzo Group Pty Limited | Content filtering and management |
US7225164B1 (en) * | 2000-02-15 | 2007-05-29 | Sony Corporation | Method and apparatus for implementing revocation in broadcast networks |
US7711952B2 (en) | 2004-09-13 | 2010-05-04 | Coretrace Corporation | Method and system for license management |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1998009209A1 (en) * | 1996-08-30 | 1998-03-05 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
WO1998011716A1 (en) * | 1996-09-10 | 1998-03-19 | E-Stamp Corporation | Method and system for electronic document certification |
WO1998037675A1 (en) * | 1997-02-19 | 1998-08-27 | Verifone, Inc. | A system, method and article of manufacture for secure digital certification of electronic commerce |
US5850442A (en) * | 1996-03-26 | 1998-12-15 | Entegrity Solutions Corporation | Secure world wide electronic commerce over an open network |
-
1999
- 1999-02-26 AU AUPP8933A patent/AUPP893399A0/en not_active Abandoned
- 1999-12-24 WO PCT/AU1999/001173 patent/WO2000051039A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
AUPP893399A0 (en) | 1999-03-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7747852B2 (en) | Chain of trust processing | |
US7383434B2 (en) | System and method of looking up and validating a digital certificate in one pass | |
CN111262692B (en) | Key distribution system and method based on block chain | |
US7702902B2 (en) | Method for a web site with a proxy domain name registration to receive a secure socket layer certificate | |
US6823454B1 (en) | Using device certificates to authenticate servers before automatic address assignment | |
US7478236B2 (en) | Method of validating certificate by certificate validation server using certificate policies and certificate policy mapping in public key infrastructure | |
US8086848B2 (en) | Automated process for a web site to receive a secure socket layer certificate | |
US7520339B2 (en) | Apparatus for achieving integrated management of distributed user information | |
JP4758095B2 (en) | Certificate invalidation device, communication device, certificate invalidation system, program, and recording medium | |
JP2006053923A5 (en) | ||
WO2009122162A1 (en) | Identity management | |
KR20090086276A (en) | Metadata broker | |
CN101883106A (en) | Network access authentication method and server based on digital certificate | |
US20020194471A1 (en) | Method and system for automatic LDAP removal of revoked X.509 digital certificates | |
CN111193755B (en) | Data access method, data encryption method and data encryption and access system | |
Hsu et al. | Intranet security framework based on short-lived certificates | |
US8112535B2 (en) | Securing a server in a dynamic addressing environment | |
WO2000051039A1 (en) | Site certificate system | |
JP2004272380A (en) | Group authenticating method and system, service providing device, authentication device, service provision program and recording medium with its program recorded and authentication program and recording medium with its program recorded | |
EP1854260A1 (en) | Access rights control in a device management system | |
JP2003303174A (en) | Method and device for authenticating terminal | |
JP2000207362A (en) | Network system and its user authenticating method | |
JP2002132996A (en) | Server for authenticating existence of information, method therefor and control program for authenticating existence of information | |
JP4730814B2 (en) | User information management method and system | |
JP2001236320A (en) | Terminal specifying method for www |
Legal Events
Code | Title | Description |
---|---|---|
AK | Designated states | Kind code of ref document: A1 Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
122 | Ep: pct application non-entry in european phase | |